CVE-2025-12487
Published: 06 November 2025
Summary
CVE-2025-12487 is a critical-severity Reliance on Untrusted Inputs in a Security Decision (CWE-807) vulnerability in Zerodayinitiative (inferred from references). Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 19.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised under LLM Application Platforms, in the Supply Chain and Deployment risk domain.
Deeper analysis
CVE-2025-12487 affects oobabooga text-generation-webui and stems from improper handling of the trust_remote_code parameter supplied to the join endpoint. The component fails to validate the user-supplied argument before using it to load a model, allowing untrusted inputs to trigger code execution. The vulnerability is tracked as ZDI-CAN-26681 and carries a CVSS 3.0 score of 9.8.
Unauthenticated remote attackers can exploit the flaw over the network to execute arbitrary code in the context of the service account. No user interaction or credentials are required, and the attack succeeds simply by supplying a malicious value for the trust_remote_code parameter when invoking the join endpoint.
The referenced GitHub commit b5a6904c4ac4049823396090360b6f566f4e4603 addresses the issue in the codebase, while the Zero Day Initiative advisory ZDI-25-982 provides coordinated disclosure details for affected deployments.
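The defensive principle behind this class of flaw, as an added example (not code from text-generation-webui or from the referenced commit): a request body must never decide trust_remote_code, which is pinned from operator configuration instead. The function names, settings dictionary and sample request are hypothetical and constructed for illustration.

```python
# Added illustration; not code from text-generation-webui or its fix commit.
# All names here (SERVER_SETTINGS, build_load_args_*) are hypothetical.

# Options that change what code the server will run; only the operator sets them.
OPERATOR_ONLY = frozenset({"trust_remote_code"})

# Operator configuration, fixed at startup (constructed sample).
SERVER_SETTINGS = {"trust_remote_code": False}

# Options a client is allowed to choose, with the type each must have.
CLIENT_ALLOWED = {"model_name": str, "max_seq_len": int}


def build_load_args_unsafe(request_body: dict) -> dict:
    """Vulnerable pattern: the request body overrides server settings."""
    args = dict(SERVER_SETTINGS)
    args.update(request_body)  # client-controlled trust_remote_code wins
    return args


def build_load_args_safe(request_body: dict) -> tuple[dict, list[str]]:
    """Hardened pattern: allowlist client options, pin operator-only ones.

    Returns (load_args, rejected_keys) so the caller can log or refuse.
    """
    args, rejected = {}, []
    for key, value in request_body.items():
        expected = CLIENT_ALLOWED.get(key)
        # bool is a subclass of int, so exclude it explicitly.
        if expected is None or isinstance(value, bool) or not isinstance(value, expected):
            rejected.append(key)
            continue
        args[key] = value
    # Security-relevant options always come from server-side configuration.
    for key in OPERATOR_ONLY:
        args[key] = SERVER_SETTINGS[key]
    return args, sorted(rejected)


# Constructed request body of the kind the advisory describes.
SAMPLE_REQUEST = {"model_name": "example/model", "max_seq_len": 4096,
                  "trust_remote_code": True}

if __name__ == "__main__":
    print(build_load_args_unsafe(SAMPLE_REQUEST))
    print(build_load_args_safe(SAMPLE_REQUEST))
```

Returning the rejected keys lets the endpoint log or refuse requests that try to set operator-only options, which is also a useful detection signal.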
The associated EPSS score rose from a baseline of 0.0136 to a peak of 0.0284, indicating emerging exploitation interest after public disclosure of this AI/ML-oriented web interface.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-38158
Vulnerability details
oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the trust_remote_code parameter provided to the join endpoint. The issue results from the lack of proper validation of a user-supplied argument before using it to load a model. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26681.
- CWE(s)
AI Security Analysis
- AI Category: LLM Application Platforms
- Risk Domain: Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: text-generation-webui
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Prevents reliance on untrusted matching results for security-relevant decisions by enforcing verification and contest procedures.
Providing authoritative attributes with the data reduces the need for security decisions to rely on untrusted external inputs.
Reduces reliance on untrusted inputs by ensuring only authorized sources may supply data.